[Pki-devel] [PATCH] 65 Added cert revocation REST service.

Ade Lee alee at redhat.com
Wed Jun 27 19:42:34 UTC 2012


Some initial comments (many of these have been mentioned on IRC
already):

1. In revokeCert(), you should throw BadRequestException() or similar
rather than EBaseException if the cert being revoked is the CA cert, or
if the cert is already revoked.  That should show up as a 4XX error.

2. It looks like you do not handle nonces.  We need a task to figure out
how to do this.

3. There is still a fair amount of logic that is in the legacy servlet
and RESTful servlet.  I would suggest moving the logic that checks
whether or not the cert should be revoked - i.e. is already revoked, or
CA cert already revoked or belongs to different subject or is a system
cert to processor.addCertificateToRevoke() or some similar method.  You
can use exceptions/returns to populate rarg appropriately in the legacy
servlet.

4. What happens if the request is pending or rejected -- i.e. not
completed?  How would the client know?  Should we be returning some kind
of revocation status object?  Or the revocation request itself?

I do like the fact that the RevocationProcessor inherits from Processor.
We'll need to square up my ProfileProcessor to do the same thing.

Ade

On Tue, 2012-06-26 at 19:15 -0500, Endi Sukma Dewata wrote:
> On 6/7/2012 9:28 AM, Endi Sukma Dewata wrote:
> > The cert revocation REST service is based on DoRevoke and DoUnrevoke
> > servlets. It provides an interface to manage certificate revocation.
> >
> > Ticket #161
> 
> New patch attached. The servlets and REST service have been refactored 
> to use a common processor.
> 